Which of the following is the customer's obligation under the AWS shared responsibility model?

The AWS shared responsibility model defines what you (as an AWS account holder/user) and AWS are responsible for when it comes to security and compliance.

Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.

The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software, and the configuration of the AWS-provided security group firewall.

AWS is responsible for “Security of the Cloud”.

  • AWS is responsible for protecting the infrastructure that runs all the services offered in the AWS Cloud.
  • This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

Customers are responsible for “Security in the Cloud”.

  • For EC2 this includes network level security (NACLs, security groups), operating system patches and updates, IAM user access management, and client and server-side data encryption.

The following diagram shows the split of responsibilities between AWS and the customer:

Inherited Controls – Controls which a customer fully inherits from AWS.

  • Physical and Environmental controls.

Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in separate contexts or perspectives.

In a shared control under the AWS shared security model, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services.

Examples of shared controls include:

  • Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
  • Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
  • Awareness & Training – AWS trains AWS employees, but a customer must train their own employees.

Customer Specific – Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services.

Examples of customer specific controls include:

  • Service and Communications Protection or Zone Security which may require a customer to route or zone data within specific security environments.

Answers are C. Decouple the AWS Cloud architecture to break up monolithic deployments.

E. Design elasticity into the AWS Cloud design.

Architecture is not about moving physical devices. D is so wrong. We don't move any hardware devices to the cloud. The cloud provides a virtual data center for us, with a lot of network services for customers' varied needs. But customers don't move their network devices to AWS.

C is a bit confusing. As I was going through some documentation, monolithic deployments are related to containers and microservices but not to the Well-Architected Framework. Loose coupling is definitely a principle of the framework, but the wording of the question throws you off here because it mentions monolithic deployments and not monolithic applications - two different concepts.


Answer is Use an AWS service that is in scope for PCI compliance and apply PCI controls at the application layer

As long as you are using AWS services that are PCI DSS compliant, the entire infrastructure that supports in-scope services is compliant and there is no separate environment or special API to use. Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html




Question 71 Who is accountable for security and compliance under the AWS shared responsibility model?

(Security and compliance within the AWS Cloud)

The customer is responsible.

AWS is responsible.

AWS and the customer share responsibility.

AWS shares responsibility with the relevant governing body.

Answer is AWS and the customer share responsibility. Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. Reference:

https://aws.amazon.com/compliance/shared-responsibility-model/


Question 72 What is the customer's responsibility while using Amazon RDS?

(Security and compliance within the AWS Cloud)

Patching and maintenance of the underlying operating system.

Managing automatic backups of the database.

Controlling network access through security groups.

Replacing failed instances in the event of a hardware failure.

Answer is Controlling network access through security groups. Use security groups to control what IP addresses or Amazon EC2 instances can connect to your databases on a DB instance. When you first create a DB instance, its firewall prevents any database access except through rules specified by an associated security group. Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html


Question 73 Which of the following operational controls do users completely inherit from AWS as part of the AWS shared responsibility model?

(Security and compliance within the AWS Cloud)

Security management of data center

Patch management

Configuration management

User and access management

Answer is Security management of data center. The question is asking what control was AWS FULLY in control of and then the customer inherits full control. All the choices are either shared controls or fully under the customer to begin with, and A is the only full AWS control. So A is the answer. Reference:

https://aws.amazon.com/compliance/shared-responsibility-model/


Question 74 All AWS users have access to which AWS Trusted Advisor check?

(Security and compliance within the AWS Cloud)

Core checks

All checks

Cost optimization checks

Fault tolerance checks

Answer is Core checks. What does Trusted Advisor check? Trusted Advisor includes an ever-expanding list of checks in the following four categories:

  • Cost Optimization – recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill.
  • Security – identification of security settings that could make your Amazon Web Services solution less secure.
  • Fault Tolerance – recommendations that help increase the resiliency of your Amazon Web Services solution by highlighting redundancy shortfalls, current service limits, and overutilized resources.
  • Performance – recommendations that can help to improve the speed and responsiveness of your applications.

Reference:

https://www.amazonaws.cn/en/support/trustedadvisor/faq/#checks


Question 75 Which of the following is an example of security in the AWS Cloud under the AWS shared responsibility model?

(Security and compliance within the AWS Cloud)

Managing edge locations

Physical security

Firewall configuration

Global infrastructure

Answer is Firewall configuration. The AWS Shared Responsibility Model – This specifies that AWS is responsible for security of the Cloud while the customer is responsible for security 'in' the Cloud.

Customer’s Responsibility – Patching the OS running on EC2 instances; creating security groups; configuring the firewall; managing user accounts, access rights, and permissions; securing AMIs; and encrypting data at the client and server side.

Question 76 Permissions for which of the following are managed by service control policies (SCPs)?

(Security and compliance within the AWS Cloud)

Availability Zones

AWS Regions

AWS Organizations

Edge locations

Question 77 According to the AWS shared responsibility model, which job is shared between AWS and the customer?

(Security and compliance within the AWS Cloud)

Physical and environmental controls

Server hardware management and encryption

Application security

Patch management and configuration management

Answer is Patch management and configuration management. Shared Controls: Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include:

  • Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
  • Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
  • Awareness & Training – AWS trains AWS employees, but a customer must train their own employees.

Reference:

https://aws.amazon.com/compliance/shared-responsibility-model/


Question 78 Which duty is the customer's responsibility while administering AWS Lambda functions under the AWS shared responsibility model?

(Security and compliance within the AWS Cloud)

Creating versions of Lambda functions

Maintaining server and operating systems

Scaling Lambda resources according to demand

Updating the Lambda runtime environment

Question 79 Which of the following is a duty of the client under the AWS shared responsibility model? (Select two.)

(Security and compliance within the AWS Cloud)

Decommissioning of physical storage devices

Security group and ACL configuration

Patch management of an Amazon RDS instance operating system

Controlling physical access to data centers

Patch management of an Amazon EC2 instance operating system

Answers are:
Security group and ACL configuration
E. Patch management of an Amazon EC2 instance operating system
Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Reference:

https://aws.amazon.com/compliance/shared-responsibility-model/


Question 80 What attributes of an AWS account can AWS Trusted Advisor monitor and advise on? (Select two.)

(Security and compliance within the AWS Cloud)

Compliance with security best practices

Application performance

Network utilization

Cost optimization

Compliance status
